Advisories for Npm/Tree-Kill package

2020

Command Injection in tree-kill

Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled, it may allow attackers to run arbitrary commands on the server. The issue only affects Windows systems.

Recommendation: Upgrade to version 1.2.2 or later.

2019

Code Injection

A Code Injection vulnerability exists in tree-kill on Windows which allows remote code execution when an attacker is able to control the input into the command.